1
22
23 package com.liferay.portal.servlet;
24
25 import com.liferay.portal.NoSuchUserException;
26 import com.liferay.portal.PortalException;
27 import com.liferay.portal.SystemException;
28 import com.liferay.portal.kernel.log.Log;
29 import com.liferay.portal.kernel.log.LogFactoryUtil;
30 import com.liferay.portal.kernel.util.GetterUtil;
31 import com.liferay.portal.kernel.util.MethodInvoker;
32 import com.liferay.portal.kernel.util.MethodWrapper;
33 import com.liferay.portal.kernel.util.ObjectValuePair;
34 import com.liferay.portal.kernel.util.Validator;
35 import com.liferay.portal.model.User;
36 import com.liferay.portal.security.auth.CompanyThreadLocal;
37 import com.liferay.portal.security.auth.HttpPrincipal;
38 import com.liferay.portal.security.auth.PrincipalThreadLocal;
39 import com.liferay.portal.security.permission.PermissionChecker;
40 import com.liferay.portal.security.permission.PermissionCheckerFactory;
41 import com.liferay.portal.security.permission.PermissionThreadLocal;
42 import com.liferay.portal.service.UserLocalServiceUtil;
43 import com.liferay.portal.util.PortalInstances;
44
45 import java.io.IOException;
46 import java.io.ObjectInputStream;
47 import java.io.ObjectOutputStream;
48
49 import java.lang.reflect.InvocationTargetException;
50
51 import javax.servlet.http.HttpServlet;
52 import javax.servlet.http.HttpServletRequest;
53 import javax.servlet.http.HttpServletResponse;
54
55
61 public class TunnelServlet extends HttpServlet {
62
63 public void doPost(HttpServletRequest request, HttpServletResponse response)
64 throws IOException {
65
66 PermissionChecker permissionChecker = null;
67
68 try {
69 ObjectInputStream ois = new ObjectInputStream(
70 request.getInputStream());
71
72 Object returnObj = null;
73
74 try {
75 ObjectValuePair<HttpPrincipal, MethodWrapper> ovp =
76 (ObjectValuePair<HttpPrincipal, MethodWrapper>)
77 ois.readObject();
78
79 HttpPrincipal httpPrincipal = ovp.getKey();
80 MethodWrapper methodWrapper = ovp.getValue();
81
82 if (!isValidRequest(methodWrapper)) {
83 return;
84 }
85
86 long companyId = PortalInstances.getCompanyId(request);
87
88 CompanyThreadLocal.setCompanyId(companyId);
89
90 if (Validator.isNotNull(httpPrincipal.getLogin())) {
91 User user = null;
92
93 try {
94 user = UserLocalServiceUtil.getUserByEmailAddress(
95 companyId, httpPrincipal.getLogin());
96 }
97 catch (NoSuchUserException nsue) {
98 }
99
100 if (user == null) {
101 try {
102 user = UserLocalServiceUtil.getUserByScreenName(
103 companyId, httpPrincipal.getLogin());
104 }
105 catch (NoSuchUserException nsue) {
106 }
107 }
108
109 if (user == null) {
110 try {
111 user = UserLocalServiceUtil.getUserById(
112 GetterUtil.getLong(httpPrincipal.getLogin()));
113 }
114 catch (NoSuchUserException nsue) {
115 }
116 }
117
118 if (user != null) {
119 PrincipalThreadLocal.setName(user.getUserId());
120
121 permissionChecker = PermissionCheckerFactory.create(
122 user, true);
123
124 PermissionThreadLocal.setPermissionChecker(
125 permissionChecker);
126 }
127 }
128
129 if (returnObj == null) {
130 returnObj = MethodInvoker.invoke(methodWrapper);
131 }
132 }
133 catch (InvocationTargetException ite) {
134 returnObj = ite.getCause();
135
136 if (!(returnObj instanceof PortalException)) {
137 ite.printStackTrace();
138
139 returnObj = new SystemException();
140 }
141 }
142 catch (Exception e) {
143 _log.error(e, e);
144 }
145
146 if (returnObj != null) {
147 ObjectOutputStream oos = new ObjectOutputStream(
148 response.getOutputStream());
149
150 oos.writeObject(returnObj);
151
152 oos.flush();
153 oos.close();
154 }
155 }
156 finally {
157 try {
158 PermissionCheckerFactory.recycle(permissionChecker);
159 }
160 catch (Exception e) {
161 }
162 }
163 }
164
165 protected boolean isValidRequest(MethodWrapper methodWrapper) {
166 String className = methodWrapper.getClassName();
167
168 if (className.contains(".service.") &&
169 className.endsWith("ServiceUtil") &&
170 !className.endsWith("LocalServiceUtil")) {
171
172 return true;
173 }
174 else {
175 return false;
176 }
177 }
178
179 private static Log _log = LogFactoryUtil.getLog(TunnelServlet.class);
180
181 }